• How to require a secure RTMP connection (ModuleRequireSecureConnection)

    Note: This module has been removed from the Wowza Module Collection because the same functionality has been added to Wowza Streaming Engine™ software. See Playback Security > Require Secure Connection for more information about this functionality in Wowza Streaming Engine. The source code is retained here for reference.
    This article describes how to use the ModuleRequireSecureConnection module to require that RTMPE, RTMPTE, or RTMPS be used to connect to a given application in Wowza Media Server™ software.

    Notes:
    • The ModuleRequireSecureConnection module is built in with Wowza Media Server™ 3.5. If you're using an earlier version of Wowza Media Server, you must download the MediaSecurity Addon to get this module. Download and unzip the MediaSecurity Addon package, copy the wms-plugin-security.jar file from the package /lib folder to the Wowza Media Server /lib folder, and then restart Wowza Media Server.

    • The ModuleRequireSecureConnection module configures RTMPE network encryption security. RTMPE network encryption security in Wowza Media Server 3.1.2 (and earlier) is provided as an AddOn to Wowza Media Server 3.5. You must install this AddOn if you're running Wowza Media Server 3.5 or later and want to use RTMPE network security. For more information, see How to get Wowza RTMPE AddOn.

    • We recommend the Wowza StreamLock™ AddOn, which provides a free 256-bit SSL certificate that can be used for all of your Wowza media server stream encryption needs. StreamLock-provisioned SSL certificates provide the best security when used with RTMP. The certificates can also be used for secure HTTP streaming (HTTPS). For more information, see the How to get SSL certificates from the StreamLock service.

    Overview


    The ModuleRequireSecureConnection module will reject connections that don't use the encrypted/secure RTMPE, RTMPTE, or RTMPS protocols. For example:
    package com.wowza.wms.plugins;
    
    import com.wowza.wms.amf.*;
    import com.wowza.wms.client.*;
    import com.wowza.wms.module.*;
    import com.wowza.wms.request.*;
    
    public class ModuleRequireSecureConnection extends ModuleBase
    {
        public void onConnect(IClient client, RequestFunction function, AMFDataList params)
        {
            String flashver = client.getFlashVer();
            getLogger().info("Flashver: " + flashver);
            
            Boolean isPublisher = false;
            try
            {
            isPublisher = flashver.startsWith(client.getAppInstance().getProperties().getPropertyStr("AllowEncoder"));
            }
            catch(Exception ex)
            {
            }
            
            if (!client.isSecure() && !isPublisher)
            {
                client.rejectConnection("Secure connection required.");
                getLogger().info("ModuleRequireSecureConnection.onConnect: rejectConnection: clientId:"+client.getClientId());
            }
        }
    }

    Configuration


    In Application.xml, add the following Module definition as the last entry in the Modules list:
    <Module>
         <Name>ModuleRequireSecureConnection</Name>
         <Description>ModuleRequireSecureConnection</Description>
         <Class>com.wowza.wms.security.ModuleRequireSecureConnection</Class>
    </Module>
    Note: If you're running Wowza Media Server 3.1.2 or earlier, add the following <Module> definition as the last entry in the Modules list instead:
    <Module>
         <Name>ModuleRequireSecureConnection</Name>
         <Description>ModuleRequireSecureConnection</Description>
         <Class>com.wowza.wms.plugin.security.ModuleRequireSecureConnection</Class>
    </Module>
    • If you're using an RTMP-based live encoder, add the following Property section to the Properties section below the Modules in the Application.xml file.

    • If you're using a Telestream Wirecast encoder, set the value to Wirecast.

    • If you're using an RTMP-based live encoder that uses the Flash Media version, set the value to FM.

    <Property>
         <Name>AllowEncoder</Name>
         <Value>Wirecast</Value> <!--FM, Wirecast-->
    </Property>
    For other encoders, check the output of the following code:
    getLogger().info("Flashver: "  + flashver);

    Wowza media server software and all components, including modules, source code, and other related items offered on this page, are copyrighted (c) 2006-2014 by Wowza Media Systems, LLC, all rights reserved, and are licensed pursuant to the Wowza Media Software End User License Agreement.
    Originally Published: 10-03-2010.
    Updated: For Wowza Streaming Engine 4.2 on 06-23-2015.

    If you're having problems or want to discuss this article, post in our forum.